cli: prevent terraform apply drift when patching and re-applying existing terraform deployment (#1873)

The implementation would recreate the gcp instance template (including all instances and state disks) whenever the image tfvar changes.
Fixed by ignoring lifecycle changes on the instance templates.
Fixes 8c3b963
This commit is contained in:
Malte Poll 2023-06-05 14:52:39 +02:00 committed by GitHub
parent 900d51d49f
commit 439359ffbc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -16,7 +16,7 @@ locals {
resource "google_compute_instance_template" "template" { resource "google_compute_instance_template" "template" {
name = local.name name = local.name
machine_type = var.instance_type machine_type = var.instance_type
tags = ["constellation-${var.uid}"] // Note that this is also applied as a label tags = ["constellation-${var.uid}"] // Note that this is also applied as a label
labels = merge(var.labels, { constellation-role = local.role_dashed }) labels = merge(var.labels, { constellation-role = local.role_dashed })
confidential_instance_config { confidential_instance_config {
@ -78,6 +78,19 @@ resource "google_compute_instance_template" "template" {
enable_vtpm = true enable_vtpm = true
enable_integrity_monitoring = true enable_integrity_monitoring = true
} }
lifecycle {
ignore_changes = [
tags,
labels,
disk, # required. update procedure modifies the instance template externally
metadata,
network_interface,
scheduling,
service_account,
shielded_instance_config,
]
}
} }
resource "google_compute_instance_group_manager" "instance_group_manager" { resource "google_compute_instance_group_manager" "instance_group_manager" {